CVE-2016-4480

NameCVE-2016-4480
DescriptionThe guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-571-1, DSA-3633-1
NVD severityhigh

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xen (PTS)jessie4.4.1-9+deb8u10fixed
jessie (security)4.4.4lts5-0+deb8u1fixed
stretch (security), stretch4.8.5.final+shim4.10.4-1+deb9u12fixed
buster, buster (security)4.11.3+24-g14b62ab3e5-1~deb10u1fixed
bullseye, sid4.11.3+24-g14b62ab3e5-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xensource(unstable)4.8.0~rc3-1
xensourcejessie4.4.1-9+deb8u6DSA-3633-1
xensourcewheezy4.1.6.lts1-1DLA-571-1

Notes

http://xenbits.xen.org/xsa/advisory-176.html

Search for package or bug name: Reporting problems